Back to skill

Security audit

ClawBoss - AI Productivity Coach

Security checks across malware telemetry and agentic risk

Overview

ClawBoss is a local productivity-coaching skill whose file storage and check-in behavior are mostly disclosed and aligned with its purpose, though users should review its local memory, unpinned installer, and optional intimate persona wording.

Install only if you are comfortable with a local, persistent record of your goals, blockers, reflections, and progress. Prefer reviewing or pinning the npm package before running the `npx ...@latest` installer, and choose a non-romantic coaching persona if emotionally intimate agent language would be uncomfortable or distracting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The filename sanitizer only applies in addGoal(), but loadTaskFile() and saveTaskFile() accept arbitrary relative paths and join them directly to the workspace path. In Node.js, path.join(base, '../../x') will traverse outside the intended directory, so any caller that passes untrusted taskPath can read or overwrite files outside memory/tasks within the user's accessible filesystem.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The code tells users the system will perform daily and nightly coaching check-ins even though this file only updates local state and task files and returns text. This is a deceptive capability claim that can cause users to rely on reminders or monitoring that do not actually exist, which is especially risky for planning, accountability, or wellbeing-oriented workflows.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The completion message claims a 'complete tracking system' with automatic morning, evening, and weekly checks, but no automation is established in this module. Misrepresenting persistence and follow-up behavior undermines user trust and can lead to missed actions if users depend on nonexistent reminders.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The skill persists user data by creating and updating files under the local memory directory, but the tool description does not clearly warn users up front that their interactions will be stored and modified on disk. This is a real transparency and consent issue: users may disclose sensitive goals, habits, or reflections assuming the interaction is ephemeral, when in fact the skill builds a persistent behavioral record.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-provided goal content is written to disk without informing the user that their input will be persisted in a task file. Because goals and coaching content can contain sensitive personal information, undisclosed storage creates privacy and consent risks and may violate data handling expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The user's answers to coaching questions are persisted into task files without a user-facing disclosure or consent step. Since these answers may include emotional state, motivations, obstacles, or other sensitive details, silent storage increases privacy exposure and can surprise users who thought the exchange was ephemeral.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The quick-start path persists user input directly into a new task file without notifying the user. Even though the flow is simplified, it still stores potentially personal planning data, so the lack of disclosure creates the same privacy and consent problem as the main flow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Milestone data is written back to the user's task file without any notice that stored planning records are being modified. This can unexpectedly persist deadlines, descriptions, and strategic plans, which may be sensitive or inaccurate if entered casually or by mistake.

Ssd 4

Medium
Confidence
87% confidence
Finding
The 'intimate-partner' persona uses romantic language, reassurance of constant presence, and reward-linked encouragement to influence user behavior, which can foster unhealthy emotional reliance on the system. In a coaching context, this is more dangerous because users may be vulnerable, distressed, or seeking support, making relational framing more likely to manipulate decisions and blur appropriate human-AI boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.